Almost every day, large companies such as Microsoft, Facebook and Cash App become the targets of cyber attacks. But what can smaller businesses with fewer resources do? Business owners often relegate cybersecurity matters to the IT team. But there is a lot of responsibility on the shoulders of business owners and leaders to push the cybersecurity agenda among their ranks.

Read further on exactly what you as a business leader can do to shift your organization’s culture to be more security aware.

Canadian businesses are behind in cybersecurity maturity

A 2022 study conducted by CDW Canada shows many Canadian businesses are behind in their implementation of cybersecurity. The study asked 555 IT security professionals about their workplaces.

The results are quite revealing:

Twenty-seven percent of organizations are described as having an emerging security posture. Forty-three percent of Canadian organizations rank as having an intermediate security posture, 17 percent as having an advanced security posture and 12 percent as having a leading security posture.

The emerging security posture represents the lowest ranking out of four categories on the maturity scale.

Unfortunately, these statistics show that most businesses are not doing enough to protect themselves. They are opening themselves up to a high business impact cost, as well as possible data loss in the event of a cyberattack.

How business leaders can have an impact

CDW Canada made five key recommendations. However, when it comes to company culture, one recommendation stood out for us the most: Leaders of organizations that have created a company culture infused with cybersecurity education among both employees and clients have reported an overall better security posture.

An organization’s culture must be modelled by you as the leader. Therefore, if you are a business owner or executive, here are two easy steps for you to demonstrate cybersecurity leadership:

1. Keep up to date with the latest cybersecurity news and threats 

You should consider subscribing to a newsletter or bulletin about the latest news on cyber-threats, topics, and new ideas. With new threats constantly emerging, it’s important now more than ever to stay informed. An example of such a source is threatpost.com. This site advertises itself as “an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals”.

2. Share emerging topics with your teams to create a cultural shift 

When the leader of an organization deems a topic important, everyone listens. Knowing this, you should share important cybersecurity news with your team on a regular basis. For example, the owner of the company should kick off key staff meetings with a discussion on the latest cybersecurity news. Additionally, consider creating campaigns around your office informing staff of best practices. Regular group training such as Indusflow’s anti-phishing training can ensure a collective security-aware environment.

How Indusflow can help

Our fully managed IT clients receive a full portfolio of cybersecurity tools and services under close management by our team. 

If you wish to run some inexpensive anti-phishing training, consider signing up for Sophos Phish Threat. This includes training, testing, and benchmarking of user awareness. For as low as $5/employee/month, Indusflow’s service desk can give you peace of mind by setting up the tools, running campaigns and providing full reporting.